Block banned users from adding requests or voting

Also, some minor refactoring.
master
Dessa Simpson 2020-09-14 23:01:11 -07:00
parent ccfcc57540
commit 7de73c9565
3 changed files with 21 additions and 4 deletions

View File

@ -71,6 +71,12 @@ app.post("/api/addRequest", async (request, response) => {
response.send("Must be logged in"); response.send("Must be logged in");
return; return;
} }
var banned = await db.query(queries.checkBan).then((result: pg.QueryResult) => result.rowCount > 0);
if (banned) {
response.status(401);
response.send("You are banned; you may not add new requests.");
return;
}
if (!request.body.url) { if (!request.body.url) {
response.status(400); response.status(400);
response.send("Missing url"); response.send("Missing url");
@ -186,6 +192,12 @@ app.post("/api/addVote", async (request,response) => {
response.send("Must be logged in"); response.send("Must be logged in");
return; return;
} }
var banned = await db.query(queries.checkBan).then((result: pg.QueryResult) => result.rowCount > 0);
if (banned) {
response.status(401);
response.send("You are banned; you may not vote on requests.");
return;
}
if (!request.body.url) { if (!request.body.url) {
response.status(400); response.status(400);
response.send("Missing url"); response.send("Missing url");

View File

@ -5,6 +5,11 @@ export const updateUser = {
ON CONFLICT (userid) DO UPDATE SET displayName = $2, imageUrl = $3" ON CONFLICT (userid) DO UPDATE SET displayName = $2, imageUrl = $3"
} }
export const checkBan = {
name: "checkBan",
text: "SELECT userid FROM bans WHERE userid = $1"
}
export const insertBan = { export const insertBan = {
name: "insertBan", name: "insertBan",
text: "INSERT INTO bans (userid) VALUES ($1)" text: "INSERT INTO bans (userid) VALUES ($1)"
@ -55,7 +60,7 @@ export const getAllRequestsVoted = {
export const checkRequestExists = { export const checkRequestExists = {
name: "checkRequestExists", name: "checkRequestExists",
text: "SELECT * FROM requests WHERE url = $1" text: "SELECT url FROM requests WHERE url = $1"
} }
export const addRequest = { export const addRequest = {
@ -65,7 +70,7 @@ export const addRequest = {
export const checkValidState = { export const checkValidState = {
name: "checkValidState", name: "checkValidState",
text: "SELECT * FROM states WHERE state = $1" text: "SELECT state FROM states WHERE state = $1"
} }
export const updateRequestState = { export const updateRequestState = {
@ -85,5 +90,5 @@ export const deleteRequest = {
export const checkVoteExists = { export const checkVoteExists = {
name: "checkVoteExists", name: "checkVoteExists",
text: "SELECT * FROM votes WHERE requesturl = $1 AND userid = $2" text: "SELECT userid FROM votes WHERE requesturl = $1 AND userid = $2"
} }

View File

@ -52,7 +52,7 @@ export async function addRequest(url: string, requester: string): Promise<[numbe
export async function updateRequestState(url: string, state: string): Promise<[number,string]> { export async function updateRequestState(url: string, state: string): Promise<[number,string]> {
var query = Object.assign(queries.checkValidState, { values: [state] }); var query = Object.assign(queries.checkValidState, { values: [state] });
var result = await db.query(query); var result = await db.query(query);
if (result.rowCount < 1) { if (result.rowCount == 0) {
return [400,"Invalid state"] return [400,"Invalid state"]
} }